[cryptography] Newbie Question

Marsh Ray marsh at extendedsubset.com
Thu Dec 1 21:40:10 PST 2011


On 12/01/2011 11:11 PM, Sampo Syreeni wrote:
> On 2011-12-01, Randall Webmail wrote:
>
>> I am an almost-complete greenie WRT crypto, which is why I'm here
>> to learn.
>>
>> What is the proper thing to do when one of those things pops up?
>> (It is NOT a rare event).
>
> They mostly mean you no harm.

You don't know that.

For all we know, Randall Webmail is someone who posted something
derogatory about the King or El Presidente and when the Honor Police get
on his Facebook they're going to round up all his friends along with him.

Or he's sitting comfortably in his quite suburban home and he happens to
have one of the estimated 1M home routers that are pwned or 1M PCs with
the dnschanger trojan and his banking session is being redirected to a  
hostile server.
http://www.eweek.com/c/a/Security/Researchers-Discover-Link-Between-TDSS-Rootkit-and-DNSchanger-Trojan-753018/


> So just accept/except.

This is not good advice.

> But always bear in mind that it *could* be a man-in-the-middle
> attack.

All legitimate secure sites have a valid certificate, or the site is  
horribly broken.

If you ask for a secure site, and are presented with a certificate that  
was not issued to the legitimate site, it *is* a man-in-the-middle attack, 
by definition.

Just because you're staying in a hotel does not mean that you must allow  
that hotel to intercept your secure communications. Furthermore, you  
probably have know way of knowing that it even is the hotel that's  
intercepting you. Hotel networks are not known for themselves being  
secure, and authentication systems tend not to degrade gracefully.

- Marsh
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





More information about the cypherpunks-legacy mailing list